[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10169 [Tor]: Extend OOM handler to cover channels/connection buffers



#10169: Extend OOM handler to cover channels/connection buffers
------------------------+----------------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  needs_review
     Priority:  major   |  Milestone:  Tor: 0.2.4.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-relay oom 024-backport
Actual Points:          |  Parent ID:
       Points:          |
------------------------+----------------------------------------

Comment (by robgjansen):

 TLDR, the defense seems to be working correctly.

 I tried this out on my small 10 node test network in Shadow, where all
 relays has ample 10 MiB/s connections. I merged both my sniper attack code
 and nickm'sÂ'''bug10169_025_v2'''ÂwithÂ'''tor-0.2.5.2-alpha'''. Then I
 tested the sniper attack using 1 team of 10 circuits (1 client instance to
 use a ping circuit to measure rtt, 1 client instance to launch 9 sniper
 circuits). I tested the attack without nickm's defense, and with nickm's
 defense usingÂ`MaxMemInQueuesÂ50 MB`Â(which automatically gets adjusted up
 to 256MB). Then I ran a second test with 2 teams of 10 circuits.

 The results are in
 [https://trac.torproject.org/projects/tor/attachment/ticket/10169/all.ram.time.png
 the attack graph]. Both the graph and the log file indicates that the
 sniper's circuits were successfully killed after memory exceeded the 256MB
 limit.

 I'm not exactly sure why the defense was not being triggered before, but
 looking back at my config I may have been using MaxMemInQueues of 500 MB
 (which would have been to large to trigger OOM killer).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10169#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs